[strongSwan] KEY_ID encoding
Volodymyr Litovka
doka.ua at gmx.com
Sat Sep 12 01:23:59 CEST 2020
Hi colleagues,
according to
https://wiki.strongswan.org/projects/strongswan/wiki/IdentityParsing :
"If the string begins with @# the type is set to KEY_ID and the string
following that prefix is assumed to be the hex-encoded binary value of
the identity."
It seems, I understand incorrectly the statement above, because
configuration for the key-id 'aa' (where @#6161 stands for HEX codes of
twin 'a') -
ikev2-psk {
[ ... ]
remote {
auth = psk
id = @#6161
}
do not work - StrongSwan do not consider this connection when choosing
between few.
What is the right way to describe id for PSK connection where remote
part uses key-id type, e.g. on Cisco it is "crypto isakmp identity
key-id aa"?
And which id need to be used in 'secrets' section to achieve the result?
Should it be
ike-cisco1 {
id = aa
secret = qwerty
}
or
ike-cisco1 {
id = @#6161
secret = qwerty
}
or something else done on the right way?
Thank you!
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200912/87704f47/attachment.html>
More information about the Users
mailing list